Internet

February 24, 2019

Have you noticed the latest TV craze? No, not sitcom reboots. Shows are trying to stick into their titles the most “scatological” of the “seven dirty words.” Schitt’s Creek, for example. Or the latest hilarious episode of Documentary Now, "Batshit Valley."

But when I think of that word, I think about how many tech giants really don’t give a “that word” about their customers. Now you might say “hey, didn’t Google just end their practice of forcing their employees to arbitrate all disputes in private, rigged arbitration systems?” Yes they did - after an vigorous and perilous effort by their employees. Writes Bloomberg:

The shift is a victory for Google employees who’ve been organizing on several fronts, including workplace harassment, the treatment of contract workers and what kind of work the company does for government and military groups. The Mountain View, California-based company won’t require third-parties that employ sub-contracted staff for Google to institute the same changes, though. About half of those in Google’s total workforce aren’t official employees of the company.

But it’s something, and it’s something the rest of the tech industry has not yet done (not to mention every other industry.)

But then again, how many times have you clicked “I have read and agreed to the Terms of Service” before conducting your latest online transaction, without any idea that the company just forced you, their loyal customer, into these same kind of "forced arbitration" agreements? That means you can’t sue them in court if, say, they use your personal data illegally or otherwise violate your privacy. Public Citizen put together this “Forced Arbitration Rogues Gallery,” so you can see some of the companies that make you "agree" to this. (Check out this article too, which cites a 2011 class action lawsuit that might be far more difficult to bring today over Google’s current products. The case, In re Google Buzz Privacy Litigation, led to an $8 million settlement with Gmail users “arising out of Google’s disclosure of personally identifiable information without authorization through the defunct site, Google Buzz.”)

We all know that tech companies do a terrible job protecting your privacy and can’t be trusted to self-regulate. That’s why last year, California enacted the California Consumer Protection Act, the strongest privacy law in the nation. As described by Consumer Watchdog:

It would, for instance, allow a private right of action – though with some limits -- in data breach cases. No such right currently exists. The law ensures:

The right of Californians to know what personal information is being collected about them.

The right of Californians to know whether their personal information is sold or disclosed and to whom.

The right of Californians to say no to the sharing or sale of personal information.

The right of Californians to access their personal information.

The right of Californians to equal service and price, even if they exercise their privacy rights.

That businesses cannot sell personal information of consumers under the age of 16 without explicit consent.

Tech companies like Google fought this law, but they lost. And they are likely to lose again when California moves to close up certain loopholes in last year’s legislation, problems made clear by the recent massive Starwoods/Marriott hack. Specifically, the bill would “expand[] the requirements for companies to notify users or customers if their passport and government ID numbers, along with biometric data, such as fingerprints, and iris and facial recognition scans, have been stolen.”

As Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union, pointed out in the Washington Post,

It has often been state legislatures — not Congress — that have led efforts to protect consumer privacy. California was the first in the nation to require that companies notify consumers of a data breach (other states have since followed suit), the first to mandate that companies disclose through a conspicuous privacy policy the types of information they collect and share with third parties, and among the first to recognize data privacy rights for children. Illinois set important limits on the commercial collection and storage of biometric information, such as fingerprints and face prints. Idaho, West Virginia, Oklahoma and other states have passed laws to protect student privacy.

But now, “companies like Amazon, Apple, Facebook and Google are pushing hard for federal digital privacy legislation in 2019, and not quite out of the goodness of their hearts. … Central to all these proposals is the notion that a federal bill should preempt any statewide legislation—like, say, California's—from taking effect.” Some bills have already been floated.

And not only that. Imitating the (failed) strategy of Big Tobacco, tech companies are now pressuring Congress to pass some sort of “grand bargain” that would not only preempt state laws, but also would repeal:

…every other existing piece of federal privacy legislation, including landmark laws like Health Insurance Portability and Accountability Act (HIPAA) and Family Educational Rights and Privacy Act (FERPA). Every sector- or issue-specific privacy law would be removed, and state and local lawmakers would be unable to draft stricter, more specific regulations in the future.…

The Children’s Online Privacy Protection Act (COPPA) would be one of the repealed laws. It was authored by Sen. Ed Markey (D-MA) in the late ‘90s, and IT was one of the first pieces of legislation governing the collection of data. The law imposes requirements on companies when it comes to collecting data on children under 13 years of age, which has become a sticking point for a number of tech companies. Both Google and Facebook have been sued multiple times for violating COPPA, and the law is one of the main reasons many web services cut off at age 13.

“As Congress works to provide the American people with a comprehensive federal privacy law, we should build upon—not dismantle—existing safeguards,” Markey said, responding to ITIF’s proposal. “Getting rid of COPPA is literally like throwing the baby out with the bath water.”

Got a News Tip?

All opinions expressed on this blog are those of the authors only. Any disputes should be addressed to the authors or commentators. The Pop Tort invites comment to further the debate on issues addressed, but we reserve the right to deny or remove any post or comment.